Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4nU_G2NrgnPqljlhlJFoohUfd4k.cer
File:                     4nU_G2NrgnPqljlhlJFoohUfd4k.cer (raw, json)
Hash identifier:          7UoU2rIrs7wV3CB4AGcO5eX+s9sAw/9ehHe9bSovlAs=
Subject key identifier:   E2:75:3F:1B:63:6B:82:73:EA:96:39:61:94:91:68:A2:15:1F:77:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50009FAB2039BCBBCC81715DF489E13
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/e358f3-3188-4912-9c31-ca103ac45b6c/1/4nU_G2NrgnPqljlhlJFoohUfd4k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/e358f3-3188-4912-9c31-ca103ac45b6c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200912

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:09:fa:b2:03:9b:cb:bc:c8:17:15:df:48:9e:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2753f1b636b8273ea963961949168a2151f7789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:66:e0:c4:1f:64:ef:b4:fa:9a:8e:51:45:29:
                    47:91:d7:13:a7:77:02:a4:b3:ca:0f:5f:ec:66:f4:
                    e4:1a:04:de:7b:09:4f:79:5c:71:19:c3:03:57:96:
                    f1:d3:2c:94:d1:a1:88:4c:7b:92:7b:54:fd:cd:b1:
                    ce:c8:f4:20:51:9d:78:8a:d4:4a:0c:f0:73:b8:ac:
                    0f:fe:1d:54:35:ce:be:e3:0f:7c:ed:22:f5:0c:13:
                    48:7a:cf:72:c1:93:40:39:6e:7b:a1:65:3c:09:ed:
                    15:cb:6c:45:01:c3:a2:d6:bb:c2:b6:58:bd:17:47:
                    00:1f:24:2c:ee:78:ab:11:42:0d:f4:38:e9:3b:71:
                    4c:8e:72:0c:58:5c:eb:7a:38:85:3b:98:ea:0a:fa:
                    e8:7f:08:9c:99:28:cd:96:37:32:33:c8:31:1b:f8:
                    83:6d:63:23:ef:70:30:21:b5:97:11:f6:88:ca:ff:
                    8e:d4:df:98:84:f8:61:66:3f:6c:6b:6e:22:65:94:
                    6f:08:5a:41:55:20:d7:84:16:bc:96:33:b3:ad:d6:
                    fa:f0:ce:2a:43:cb:9a:fa:bc:84:48:be:c1:b4:3d:
                    5d:b6:f8:7d:29:e4:d2:e8:de:a7:be:96:02:2d:27:
                    73:8a:72:a9:b1:d3:11:b5:da:3c:d8:11:5b:22:be:
                    5c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:75:3F:1B:63:6B:82:73:EA:96:39:61:94:91:68:A2:15:1F:77:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e358f3-3188-4912-9c31-ca103ac45b6c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e358f3-3188-4912-9c31-ca103ac45b6c/1/4nU_G2NrgnPqljlhlJFoohUfd4k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200912

    Signature Algorithm: sha256WithRSAEncryption
         22:b2:75:13:5c:f7:7d:3a:a2:02:98:3c:15:d9:b9:90:d4:e8:
         d1:2f:df:9c:36:d3:bb:99:a1:c8:35:95:2c:a9:a9:5d:a9:f4:
         93:02:8c:0d:5c:68:50:8a:d3:eb:f8:85:5e:4d:e1:cd:08:4d:
         98:af:09:9f:d0:82:d1:80:7a:e4:7d:cf:62:21:2b:3d:09:f9:
         7f:27:e9:ee:94:51:2e:b2:4a:e6:96:37:e2:41:93:28:6e:c4:
         97:cf:28:5d:1f:8e:6a:87:9b:4e:83:6a:fb:ae:98:56:58:fc:
         5e:42:ef:55:f6:c1:41:6e:ca:84:c1:c9:5a:49:48:53:26:42:
         2f:65:ea:c9:31:34:20:d9:cb:e6:b9:25:49:84:53:d2:5d:2f:
         17:f7:7b:68:65:f8:23:5e:82:62:ac:73:fd:6b:2c:68:2b:96:
         8c:82:fc:13:cd:c3:d3:de:bf:fb:af:6f:23:0b:e9:a7:c7:97:
         60:5c:96:57:44:4b:d4:c8:20:2a:b2:6b:29:d8:f9:a8:70:c0:
         fd:d6:7c:7b:52:dd:1c:6a:f0:15:97:20:85:e0:7b:30:b7:70:
         c9:bd:cc:43:01:5e:f8:8d:85:0f:6c:4a:2f:d1:78:40:ad:d9:
         53:e4:6f:2a:a2:da:d1:ed:70:69:1e:99:32:7d:82:d5:1f:ae:
         40:7d:c4:a9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFAAn6sgOby7zIFxXfSJ4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjc1M2YxYjYzNmI4MjczZWE5NjM5NjE5NDkxNjhhMjE1MWY3Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WbgxB9k77T6mo5RRSlHkdcTp3cC
pLPKD1/sZvTkGgTeewlPeVxxGcMDV5bx0yyU0aGITHuSe1T9zbHOyPQgUZ14itRK
DPBzuKwP/h1UNc6+4w987SL1DBNIes9ywZNAOW57oWU8Ce0Vy2xFAcOi1rvCtli9
F0cAHyQs7nirEUIN9DjpO3FMjnIMWFzrejiFO5jqCvrofwicmSjNljcyM8gxG/iD
bWMj73AwIbWXEfaIyv+O1N+YhPhhZj9sa24iZZRvCFpBVSDXhBa8ljOzrdb68M4q
Q8ua+ryESL7BtD1dtvh9KeTS6N6nvpYCLSdzinKpsdMRtdo82BFbIr5cJwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOJ1Pxtja4Jz6pY5YZSRaKIVH3eJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2UzNThm
My0zMTg4LTQ5MTItOWMzMS1jYTEwM2FjNDViNmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvZTM1OGYz
LTMxODgtNDkxMi05YzMxLWNhMTAzYWM0NWI2Yy8xLzRuVV9HMk5yZ25QcWxqbGhs
SkZvb2hVZmQ0ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMQ0DANBgkqhkiG9w0BAQsFAAOCAQEAIrJ1E1z3fTqi
Apg8Fdm5kNTo0S/fnDbTu5mhyDWVLKmpXan0kwKMDVxoUIrT6/iFXk3hzQhNmK8J
n9CC0YB65H3PYiErPQn5fyfp7pRRLrJK5pY34kGTKG7El88oXR+OaoebToNq+66Y
Vlj8XkLvVfbBQW7KhMHJWklIUyZCL2XqyTE0INnL5rklSYRT0l0vF/d7aGX4I16C
Yqxz/WssaCuWjIL8E83D096/+69vIwvpp8eXYFyWV0RL1MggKrJrKdj5qHDA/dZ8
e1LdHGrwFZcgheB7MLdwyb3MQwFe+I2FD2xKL9F4QK3ZU+RvKqLa0e1waR6ZMn2C
1R+uQH3EqQ==
-----END CERTIFICATE-----